New Variant of Mac Revir Found

There are reports of a new variant of Mac malware. We are aware of the attack and our customers are already protected. It’s a minor variant of Revir.C. The payload is basically still the same Imuler variant we wrote about back in September. Most probably it was rebuilt in an effort to avoid detection. As usual, the attack is targeted at Tibetan rights activists.

Hopefully we didn’t confuse you with our names. We detect the dropper component as Revir, while the backdoor payload is called Imuler. This is because, when we first discovered the family last year, we thought that the dropper might be customized to carry different malware as its payload. But so far, Revir and Imuler have always been used together.

Our database was updated yesterday to detect the new variants.

Our descriptions are also now online. Please check them out for more details:

  •  Trojan-Dropper:OSX/Revir.D (MD5: 2d84bfbae1f1b7ab0fc1ca9dd372d35e)
  •  Backdoor:OSX/Imuler.B (MD5: 9ccc685f4d95403848ca24d9b8003b5b)

On 14/11/12 at 09:00 AM

Story added 14 November 2012.